mcp-front

The project demonstrates strong security practices for an alpha stage: OAuth 2.0 with PKCE, AES-256-GCM encryption for session cookies and secrets, HMAC-SHA256 for token signing, Google Workspace domain validation, and robust header sanitization for requests forwarded to backend MCP servers. It enforces 32-byte minimums for JWT and encryption keys. Std-io MCP servers run in isolated Docker containers per user, and an explicit configuration syntax (`{"$env": "VAR"}`) prevents shell injection. However, the README explicitly states it's 'not production ready' and clarifies that 'mcp-front handles authentication, MCP servers handle authorization and input validation,' shifting responsibility for backend data integrity to the configured MCP servers. Granting Docker socket access for 'stdio' transport also presents a significant privilege escalation risk if not managed carefully.